diff --git a/helpers/shells/updateRepo.sh b/helpers/shells/updateRepo.sh old mode 100755 new mode 100644 index d46f7d2..184e3a1 --- a/helpers/shells/updateRepo.sh +++ b/helpers/shells/updateRepo.sh @@ -1,20 +1,25 @@ #!/usr/bin/env bash # Shell created by Raven for BorgWarehouse. -# This shell takes 2 args : [user] [new SSH pub key] [quota] -# This shell updates the ssh key for a repository. +# This shell takes 3 args: [repositoryName] [new SSH pub key] [quota] +# This shell updates the SSH key and the quota for a repository. # Exit when any command fails set -e -# Check args -if [ "$1" == "" ] || [ "$2" == "" ] || [ "$3" == "" ];then - echo "This shell takes 3 args : [user] [new SSH pub key] [quota]" - exit 1 +# Load .env if exists +if [[ -f .env ]]; then + source .env fi -# Some variables -home="/var/borgwarehouse/$1" +# Default value if .env not exists +: "${home:=/home/borgwarehouse}" + +# Check args +if [ "$1" == "" ] || [ "$2" == "" ] || [ "$3" == "" ]; then + echo "This shell takes 3 args: [repositoryName] [new SSH pub key] [quota]" + exit 1 +fi # Check if the SSH public key is a valid format # This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk @@ -25,23 +30,43 @@ then exit 2 fi -# Check if username length is 8 char. With createRepo.sh our randoms have a length of 8 characters. -# If we receive another length there is necessarily a problem. -username=$1 -if [ ${#username} != 8 ] -then - echo "Error with the length of the username." +# Check if repositoryName length is 8 char. With createRepo.sh our randoms have a length of 8 characters. +# If we receive another length, there is necessarily a problem. +repositoryName=$1 +if [ ${#repositoryName} != 8 ]; then + echo "Error with the length of the repositoryName." exit 3 fi -# Check if the user exists -if ! id "$1" &>/dev/null; then - echo "The user $1 does not exist" +# Check if a line in authorized_keys contains repository_name +if ! grep -q "command=\".*${repositoryName}.*\",restrict" "$home/.ssh/authorized_keys"; then + echo "No line containing $repositoryName found in authorized_keys" exit 4 fi -# Modify authorized_keys for the user : only the ssh key is modify with this regex -sudo sed -ri "s|(command=\".*\",restrict ).*|\1$2|g" "$home/.ssh/authorized_keys" +# Check if the new SSH pub key is already present on a line OTHER than the one corresponding to repositoryName +found=false +regex="command=\".*${repositoryName}.*\",restrict" +while IFS= read -r line; do + if [[ $line =~ $pattern ]]; then + # Get the SSH pub key of the line (ignore the comment) + key1=$(echo ${BASH_REMATCH[0]} | awk '{print $1 " " $2}') + # Get the SSH pub key of the new SSH pub key (ignore the comment) + key2=$(echo "$2" | awk '{print $1 " " $2}') + + if [ "$key1" == "$key2" ]; then + # If the SSH pub key is already present on a line other than the one corresponding to repositoryName + if [[ ! $line =~ $regex ]]; then + found=true + break + fi + fi + fi +done < "$home/.ssh/authorized_keys" +if [ "$found" = true ]; then + echo "The new SSH pub key $2 is already present in authorized_keys on a different line." + exit 5 +fi -# Modify authorized_keys for the user : only the quota is modify with this regex -sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys" +# Modify authorized_keys for the repositoryName: update the line with the quota and the SSH pub key +sudo sed -ri "s|(command=\".*${repositoryName}.*--storage-quota ).*G\",restrict .*|\\1$3G\",restrict $2|g" "$home/.ssh/authorized_keys" \ No newline at end of file